[SOLVED] using dpkg in recovery and it's requesting to install packages not authenticated

User Name

Remember Me?

Password

Linux MintThis forum is for the discussion of Linux Mint.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Introduction to Linux - A Hands on Guide

This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.

First, a quick discussion of package basics.
On most, possibly all, Linux distros, software packages are signed to ensure that they are the authentic packages provided by your distro's maintainers.
In order for your distro to authenticate these signatures, you need to have the correct gpg authentication keys installed.
These authentication keys should be properly installed already if the distro is correctly installed.

There are situations where the keys for a given repository may not be present on your system and need to be installed manually. In most cases, this is not recommended for newbies as mixing repositories can, and usually does, result in a totally FUBAR'd system.

If you are certain that your sources.list file is still original, with no changes to the repositories that are intended for your system, then it might be safe to install without verification. However, at some point you will have to re-install the authentication keys.
I suspect, however, that you may have added repositories that are not compatible with your distro, and if that's the case you're just going to keep running into issues like this.

The best way forward is to use a live-CD distro to back-up your important data files to an external drive and re-install the latest version of your preferred distro. A fresh install will not have these issues and you'll be up and running a lot quicker that way than trying to troubleshoot what is clearly a system in distress.

Distribution: Debian derivitives switched to Mint from Ubuntu but play with them all time and brain permitting...

Posts: 247

Original Poster

Rep:

Quote:

Originally Posted by qlue

First, a quick discussion of package basics.
On most, possibly all, Linux distros, software packages are signed to ensure that they are the authentic packages provided by your distro's maintainers.
In order for your distro to authenticate these signatures, you need to have the correct gpg authentication keys installed.
These authentication keys should be properly installed already if the distro is correctly installed.

There are situations where the keys for a given repository may not be present on your system and need to be installed manually. In most cases, this is not recommended for newbies as mixing repositories can, and usually does, result in a totally FUBAR'd system.

If you are certain that your sources.list file is still original, with no changes to the repositories that are intended for your system, then it might be safe to install without verification. However, at some point you will have to re-install the authentication keys.
I suspect, however, that you may have added repositories that are not compatible with your distro, and if that's the case you're just going to keep running into issues like this.

The best way forward is to use a live-CD distro to back-up your important data files to an external drive and re-install the latest version of your preferred distro. A fresh install will not have these issues and you'll be up and running a lot quicker that way than trying to troubleshoot what is clearly a system in distress.

Thanx for the reply; I have just a few comments because I don't understand why I can add updates via gui updater without having authentication issues, and then will follow your unstructions.
When I do updates via the update notification icon in panel I do not run into authentication problems. I did not add any other repositories and only have them running dpkg from grub menu during boot. sorry I can't remember the process I choose in that menu. I'm severly command line and maybe Linux challenged because of dementia.... many thanx agin...

I did not add any other repositories and only have them running dpkg from grub menu during boot.

Well, this is a bit beyond my knowledge but I do know that the grub shell is not a Linux shell. (though it does have a very small subset if bash commands.)
Chances are that the gpg keys are not even available in that environment.

Like I said though, if you're certain the packages are coming from the right place, you can take a chance and install them without authentication. It's really your call and your own judgement is the best guess here.

They main reason for the authentication keys is to prevent a hacker from spoofing the repository and tricking you into installing tainted packages. I feel that the risk of this is fairly low for most private machines using there own home connection. However, the risk is much greater using public Wifi where a hacker could setup a "free" access point and use it for a "man-in-the-middle" attack.

It all comes down to how certain your are that the packages are legit and from a trusted source. If you have any doubts, don't install without authentication. If you're certain they're legit, then it's okay to install without authentication.